Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Can I set permissions for plugins by user role? (Vanilla 2.1 stable) SOLVED

whu606whu606 MVP
edited May 2014 in Vanilla 2.0 - 2.8

Using Vanilla 2.1 stable.

I've had a look on here and on the wiki, but haven't found what I am looking for. (I may just have missed it.)

I see that plugins can check user permissions, and show based on that.

Is there a way to do this simply based on a user's role? That is, to check for a specific role, and allow the user access only if they are in that role?

Thanks for any help.

«1

Comments

  • R_JR_J Admin

    I've written a plugin that displays different themes based on users role. I think that will be a good starting point: https://github.com/R-J/RolebasedTheme/blob/master/class.rolebasedtheme.plugin.php

  • R_JR_J Admin

    ... but you have to think about users with more than one role, which is not very clean but since it is possible it might happen.

  • @R_J‌

    Thanks very much. I'll have a shufti at that.

  • This is backwards.

    Roles are assigned permissions. Permissions determine access not roles.

    Roles are how you assign different sets of permissions to different users.

    Yes you can do it, it but is is not vanilla.

    grep is your friend.

  • In other words if you want to check if someone should be able to do something, you should check permissions not roles. Role, is to assign those permission to the user, and with multiple roles, the permissions are additive.

    grep is your friend.

  • @x00‌

    Thanks for that.

    I guess what I should be asking then is

    is there documentation/guidance on creating a custom permission to assign to users?

  • hgtonighthgtonight MVP
    edited May 2014

    I can't see a use case for this, but you can definitely do it!

    public function CheckForRole($ID = -1, $Name = '') {
      if((!is_numeric($ID) || $ID < 0) && $Name == '') {
        return FALSE;
      }
      $Session = Gdn::Session();
      $Ref = ($ID > 0) ? $ID : $Name;
      $RoleModel = new RoleModel();
      $Dataset = $RoleModel->GetByUserID($Session->UserID)->Result(DATASET_TYPE_ARRAY);
      $Roles = ConsolidateArrayValuesByKey($Dataset, 'RoleID', 'Name');
    
      if(array_key_exists($Ref, $Roles)) {
        return TRUE;
      }
      else {
        foreach($Roles as $ID => $Title) {
          if(strcasecmp($Title, $Ref) == 0) {
            return TRUE;
          }
        }
      }
    
      return FALSE;
    }
    

    EDIT - Cross post. I thought it was an interesting problem, if not a little useless.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • @hgtonight‌

    Thanks very much for the input and example (and the knowledgeable discouragement!).

    The situation is that I would like to limit the use of a plugin to a specified group of users, rather than allow it to be used by the whole forum.

    From x00's input, I realise I should be asking how to set up a new permission via the plugin, so I end up with something like

    (Gdn::Session()->CheckPermission('Plugins.Pluginname.Permission'))

  • x00x00 MVP
    edited May 2014

    In plugin you can set new permissions in the RegisterPermissions part of the $PluginInfo, then you can use

    Gdn::Session()->CheckPermission('YourPermission') or even just CheckPermission('YourPermission')

    to automatically deny from that point on Gdn::Controller()->Permission('YourPermission') (often used at the top of hooks).

    Note the dot syntax will influence how it will be displayed in the permissions groups under roles, and what it is grouped with

    Common convention for naming a permission for a particular plugin would be Plugins.PluginName.SomeFacility

    it really depends on the nature of the permission how you wan to group it with.

    Then after that is all set up you assign the permission to the roles.

    grep is your friend.

  • @x00‌

    Thank you so much for taking the trouble to help out.

    That seems to be exactly what I needed to know.

    Will have a fiddle and report back!

  • hgtonighthgtonight MVP
    edited May 2014

    No worries!

    You can register permissions automatically on plugin enable by adding 'RegisterPermissions' => array('AnyName.You.Want' => 1, 'Plugins.PluginName.PermType' => 0), to your plugin info array.

    You can use any key you want but the general idea is to namespace them with a dot notation. For example, DiscussionPolls uses the following value:

    'RegisterPermissions' => array('Plugins.DiscussionPolls.Add', 'Plugins.DiscussionPolls.View', 'Plugins.DiscussionPolls.Vote', 'Plugins.DiscussionPolls.Manage')
    

    This keeps all the plugins permissions in the same block and uses the 'standard' permissions. You notice that you don't have to assign a value to the new permissions. Assigning bool value will default it to on/off.

    EDIT: Cross-post AGAIN!

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • I clarified some of the language in my reply.

    grep is your friend.

  • LincLinc Admin

    Great topic & info, guys. Made a note to make this a developer doc.

  • peregrineperegrine MVP
    edited May 2014

    whu606

    any plugin that you have added to you setup that has an individual plugin setting in dashboard does essentially this.

    to name a couple examples of plugins.

    FileUpload
    MembershipEnh

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP
    edited May 2014

    yep, I actually looked there first before making a reply, as it is no point repeating it, if I can link.

    @Lincoln is everything from the old docs now covered in the new docs? Because I had to go to he old docs explicitly, as the link has changed.

    grep is your friend.

  • @x00 to the rescue once again.

    That did exactly what I was hoping it would.

    Thanks again for the help.

  • LincLinc Admin

    Yes, I copy/pasted any old docs that were still relevant into the new docs and will be revising them as soon as possible. The old docs site will be going offline as soon as I can get 301s set up.

  • Thanks to everyone for their help.

    @Peregrine, I did look at a couple of plugins which I knew had permissions options in the dashboard, but hadn't realised it was as straightforward as declaring a permission via Register Permissions.

  • I've edited the title a bit to reflect the question I should have asked... B)

  • LincLinc Admin

    Ah, but the original was still a question others will ask and need to learn they are likewise asking the wrong question :) I did it myself when I was getting started.

Sign In or Register to comment.